Gender- and Neurodiversity in Cybersecurity - Talking Equity with Dr. Jacqui Taylor

In today's episode of State of (Cyber)War, Hugo Tarrida and John Salomon talk about China's approach to cyberwar.  What is the history behind Chinese cyber capabilities?  What are Chinese geopolitical, economic, and social objectives that drive their international cyber activities?  What are some of the biases that we should be aware of when evaluating the trajectory of China and its cyberwar abilities?

Also don't forget to check out our previous video about Chinese disinformation activities here:  https://youtu.be/xBAJ2rBKrMc

Notes and links:

Hugo Tarrida on LinkedIn: https://www.linkedin.com/in/hugo-tarrida-32915a204/
John Salomon on LinkedIn:  https://www.linkedin.com/in/johnsalomon/

Wikipedia article worth reading about Chinese cyber warfare:  https://en.wikipedia.org/wiki/Cyberwarfare_by_China

05:42 Granted, Stuxnet was a joint US-Israeli venture - https://en.wikipedia.org/wiki/Stuxnet
07:06 https://www.reuters.com/world/russia-says-its-working-major-new-agreement-with-iran-2023-12-12/
14:05 Titan Rain - https://en.wikipedia.org/wiki/Titan_Rain
 Related:  Operation Aurora (2009) - https://en.wikipedia.org/wiki/Operation_Aurora
15:20 https://www.npr.org/2022/05/11/1098368201/a-spying-scandal-and-the-fate-of-western-sahara
17:07 The case of Wen Ho Lee, one of several perpetrators of military espionage:  https://sgp.fas.org/crs/nuke/RL30143.pdf
20:30 https://nattothoughts.substack.com - Nellie Ohr and her team do excellent analysis work
20:50 "An Analysis of China's Great Cannon" - https://www.usenix.org/system/files/conference/foci15/foci15-paper-marczak.pdf
 Shoutout to fellow UC Berkeley CSUA member Nick Weaver for co-authoring this paper)
27:48 E.g. "The 'Century of Humiliation' and China's National Narratives" - https://www.uscc.gov/sites/default/files/3.10.11Kaufman.pdf
29:42 Belt and Road Initiative - https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative
32:38 Referenced here:  https://en.wikipedia.org/wiki/Chinese_information_operations_and_information_warfare ("Definitions" section)
32:45 The Three Warfares:  https://apps.dtic.mil/sti/tr/pdf/ADB372300.pdf
34:04 The Nine-Dash Line:  https://chinaus-icas.org/research/map-spotlight-nine-dash-line/
34:52 In fact, ruled to be explicitly illegal by the Permanent Court of Arbitration in 2016:
 https://pca-cpa.org/en/news/pca-press-release-the-south-china-sea-arbitration-the-republic-of-the-philippines-v-the-peoples-republic-of-china/
36:19 US FBI director Christopher Wray recently warned about this:  https://www.npr.org/2024/01/31/1228153857/wray-chinese-hackers-national-security

The State of (Cyber)War is a project by members of the Cybersecurity Advisors Network (CyAN), with an interest in information security topics relevant to geopolitics, military cyberdefence, diplomacy, and other international topics.  We discuss various aspects of both current and past issues from the point of view of interested amateurs with varying degrees of experience in the field, in a not-always-entirely-serious format.  

Visit the Cybersecurity Advisors Network at https://cybersecurityadvisors.network

Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/

Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

Original YouTube video at https://youtu.be/HLVPDojARh0

Join James Briscoe and John Salomon in the latest episode of the State of (Cyber)War podcast as they discuss the People's Republic of China and some of its disinformation capabilities.

This informal conversation includes discussion about Chinese foreign election interference, domestic social media manipulation, Taiwan, China's foreign political and economic interests and more.  

John Salomon - https://www.linkedin.com/in/johnsalomon/
James Briscoe - https://www.linkedin.com/in/jimbriscoe/

02:10 Xi Jinping's new year's address, via CCTV:  https://youtu.be/TEd3CtcL1pU?si=MAiKGP-SPjm8cjCe
02:50 Xi Zhongxun, Chinese revolutionary leader:  https://en.wikipedia.org/wiki/Xi_Zhongxun
04:00 Taiwanese elections 2024:  https://en.wikipedia.org/wiki/2024_Taiwanese_general_election
04:08 Kuomintang:  https://en.wikipedia.org/wiki/Kuomintang
04:27 Democratic Progressive Party:  https://en.wikipedia.org/wiki/Democratic_Progressive_Party
05:45 1992 Consensus:  https://thediplomat.com/2022/07/the-1992-consensus-why-it-worked-and-why-it-fell-apart/
07:15 These are the Valemax ore carriers:  https://vale.com/w/fleet-of-ships-serving-vale-receives-first-ore-carrier-in-the-world-equipped-with-rotor-sails
09:12 50 Cent Party:  https://en.wikipedia.org/wiki/50_Cent_Party
09:52 Nine-dotted line:  https://en.wikipedia.org/wiki/Nine-dash_line
10:04 Belt and Road Initiative:  https://www.cfr.org/backgrounder/chinas-massive-belt-and-road-initiative
13:00 https://www.reuters.com/article/idUSSIN277923/
13:43 NY Times article on the topic:  https://www.nytimes.com/2023/09/11/us/politics/china-disinformation-ai.html
14:15 https://en.wikipedia.org/wiki/2023_Chinese_balloon_incident
14:42 A lot of this is obviously speculation.  https://www.wired.com/story/east-palestine-ohio-train-derailment-tiktok/
16:42 Asia Infrastructure Investment Bank:  https://www.aiib.org/en/index.html
19:35 An article about PRC influence on the Taiwanese elections:  https://www.theguardian.com/world/2024/jan/09/taiwan-presidential-election-china-influence
20:32 https://www.npr.org/2023/11/30/1215898523/meta-warns-china-online-social-media-influence-operations-facebook-elections
21:05 A US State Department briefing on this topic:  https://www.state.gov/briefings-foreign-press-centers/how-the-prc-amplifies-russian-disinformation
24:15 United Front Work Department:  https://en.wikipedia.org/wiki/United_Front_Work_Department
26:25 Some points about interference in US elections:  https://gdil.org/russian-and-chinese-influence-actors-and-operations-against-the-american-electorate/
29:34 Hundred Years of Humiliation:  https://en.wikipedia.org/wiki/Century_of_humiliation
30:30 The Avoidable War, by Kevin Rudd:  https://www.avoidablewar.com/
32:23 Natto Thoughts:  https://nattothoughts.substack.com/
32:26 The disinformation handbook (part I):  https://nattothoughts.substack.com/p/disinformation-handbook-a-concise

A few links on the topic worth reading:

Chinese information operations against Taiwan:

https://therecord.media/taiwan-elections-china-interference
https://www.theguardian.com/world/2024/jan/09/taiwan-presidential-election-china-influence
https://thediplomat.com/2024/01/beijing-tries-to-capitalize-on-taiwans-controversial-rocket-alert/
https://thediplomat.com/2024/01/rip-off-the-blindfold-let-taiwanese-civil-society-learn-from-ukraine/
https://fpri.org/article/2023/12/whats-at-stake-in-upcoming-taiwan-election/

General Chinese disinfo operations:

https://www.rand.org/pubs/commentary/2023/10/dismantling-the-disinformation-business-of-chinese.html
https://www.defenceconnect.com.au/joint-capabilities/13356-report-massive-chinese-disinformation-campaign-uncovered-on-youtube

https://medium.com/doublethinklab/propaganda-analysis-how-different-actors-in-chinas-information-ecosystem-portray-the-ukraine-war-ac82713c2f68
https://www.npr.org/2023/11/30/1215898523/meta-warns-china-online-social-media-influence-operations-facebook-elections

The State of (Cyber)War is a project by members of the Cybersecurity Advisors Network (CyAN), with an interest in information security topics relevant to geopolitics, military cyberdefence, diplomacy, and other international topics.  We discuss various aspects of both current and past issues from the point of view of interested amateurs with varying degrees of experience in the field, in a not-always-entirely-serious format.  

Visit the Cybersecurity Advisors Network at https://cybersecurityadvisors.network

Intro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/
Outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

Original YouTube video at https://youtu.be/xBAJ2rBKrMc

Welcome to episode 2 of CyAN's State of (Cyber) War series.

Today, James Briscoe and John Salomon talk about Japan - its national cyberdefence capabilities, the regional and global threat landscape, regulations and laws, and how all of these are evolving in the face of changing geopolitical realities and technologies.

A few notes from our chat:

02:25 US-Japan 1960 joint security treaty:  https://www.mofa.go.jp/region/n-america/us/q&a/ref/1.html
02:37 Article 9 Japanese constitution:  https://en.wikipedia.org/wiki/Article_9_of_the_Japanese_Constitution
02:45 SCAP:  Supreme commander allied powers
02:58 Japan Self Defense Forces:  https://en.wikipedia.org/wiki/Japan_Self-Defense_Forces
05:01 2019 US-Japan security treaty update:  https://www.mofa.go.jp/files/000470738.pdf
06:54 national security strategy end of 2022:  https://www.cas.go.jp/jp/siryou/221216anzenhoshou/nss-e.pdf
08:14 Lazarus Group:  https://www.aljazeera.com/news/2023/12/9/us-japan-south-korea-launch-new-efforts-to-counter-n-korea-cyber-threats
10:35 Lazarus Group's cryptocurrency thefts:  https://www.coindesk.com/markets/2023/12/01/north-korean-hackers-lazarus-group-stolen-3b-in-cryptocurrency/
11:29 https://www.dragonflyintelligence.com/news/japan-shift-to-a-more-offensive-cyber-posture-in-2023/
11:35 https://asia.nikkei.com/Politics/Japan-to-quadruple-cyber-defense-forces-meeting-threats-head-on
12:47 The 2016 revision in question:  https://www.mofa.go.jp/files/000143304.pdf
13:37 The spending increase to 2% request:  https://www.reuters.com/business/aerospace-defense/japan-makes-record-defence-spending-request-amid-tension-with-china-2023-08-31/
13:59 It's actually 2% as well:  https://www.nato.int/docu/review/articles/2023/07/03/defence-spending-sustaining-the-effort-in-the-long-term/index.html
14:39 CCDCOE:  https://ccdcoe.org/
14:46 Locked Shields exercise:  https://ccdcoe.org/exercises/locked-shields/
15:33 The official in question was former US Director of National Intelligence Dennis Blair:  https://japannews.yomiuri.co.jp/politics/political-series/20221122-72394/
16:05 The Japanese National Security Strategy allows for development of a posture for information warfare and introduction of active cyber defence in cybersecurity. It will create a government information warfare department, allowing government to aggregate and analyze the situation on disinformation originated abroad.  The National Center for Incident Readiness and Strategy for Cybersecurity is to be restructured to establish an new organisation to coordinate policies between the police and JSDF. This will allow for active cyber defence against attackers. Training for 4000 cyber ‘warriors’ and 16k cyber-capable JSDF members over 5 years is also foreseen.  The Ministry of Foreign Affairs plans AI to enhance monitoring of information and intelligence analysis. Furthermore, defence industry profit margin will be permitted to increase to a max of 15%.
16:45 The Nagoya port ransomware attack of July 2023:  https://www.bloomberg.com/news/articles/2023-07-06/nagoya-port-delays-restart-following-alleged-ransomware-attack
17:10 The Chinese cyberattack on the Japanese defence network:  
https://www.japantimes.co.jp/news/2023/08/08/japan/japan-china-hack-defense-network/ - WaPo article:  https://www.washingtonpost.com/national-security/2023/08/07/china-japan-hack-pentagon/
17:23 KillNet ceases attacks on Japan:  https://english.kyodonews.net/news/2022/09/9846d4bf7aee-pro-russia-hacker-group-stops-cyberattacks-on-japan-due-to-money-woes.html
20:17 2023 Amendments to Telecommunications Business Act:  https://www.dataguidance.com/news/japan-amendments-telecommunications-business-act-enter
20:20 Unauthorized Computer Access Law (UCAL):  https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/japan

James Briscoe on LinkedIn:  https://www.linkedin.com/in/jimbriscoe/
John Salomon on LinkedIn:  https://www.linkedin.com/in/johnsalomon/

Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network

Original YouTube video version:  https://youtu.be/Fmuno8ohJPs

Intro/outro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/

Welcome to episode 1 of CyAN's new State of (Cyber) War series.

Join John Salomon and James Briscoe in a discussion of offensive cyberoperations involving Russian actors, parallels to historical attacks on civilians, expectations and limitations of information operations, and more.

A few notes from our chat:

05:10  James' research paper on Russia/Ukraine:  https://www.linkedin.com/feed/update/urn:li:activity:6899132398601162752/
05:30  Conti ransomware group:  https://flashpoint.io/blog/history-of-conti-ransomware/
08:55  2016 Ukraine power grid attacks:  https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/
11:15  Stuxnet:  https://en.wikipedia.org/wiki/Stuxnet
12:47  James' follow-up work: https://www.linkedin.com/feed/update/urn:li:activity:6944843584533581824/
14:35  The Dukes:  https://www.cfr.org/cyber-operations/dukes
 Cozy Bear:  https://www.crowdstrike.com/adversaries/cozy-bear/
 NotPetya:  https://en.wikipedia.org/wiki/2017_Ukraine_ransomware_attacks
18:32  Lazarus Group:  https://www.trendmicro.com/vinfo/pl/security/news/cybercrime-and-digital-threats/a-look-into-the-lazarus-groups-operations
20:11  2022 Yandex Moscow taxi hack:  https://www.euronews.com/my-europe/2022/09/02/gridlock-as-hackers-order-hundreds-of-taxis-to-same-place-in-moscow
20:25  2023 GUR Russian state tax service hack:  https://therecord.media/ukraine-intelligence-claims-attack-on-russia-tax-service
23:22  2022 Belarus railway hack:  https://www.theguardian.com/world/2022/jan/25/cyberpartisans-hack-belarusian-railway-to-disrupt-russian-buildup
24:04  Alexander Lukashenko and the Ukraine invasion map:  https://www.independent.co.uk/news/world/europe/lukashenko-ukraine-russia-belarus-invasion-map-b2026440.html
25:23  Syrian Electronic Army:  https://en.wikipedia.org/wiki/Syrian_Electronic_Army
29:03  Momotarō no Umiwashi came out in 1942:  https://en.wikipedia.org/wiki/Momotar%C5%8D_no_Umiwashi

Original YouTube video is at https://youtu.be/VlP_L3xX2Lo

James Briscoe on LinkedIn:  https://www.linkedin.com/in/jimbriscoe/
John Salomon on LinkedIn:  https://www.linkedin.com/in/johnsalomon/

Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network

Intro/outro music courtesy of AlexiAction via Pixabay: https://pixabay.com/users/alexiaction-26977400/

Juan Ignacio Nicolossi, PRODAFT Team Leader for threat intelligence, joins us today from Chile to discuss the Snatch ransomware group.  Active since mid-2018, Snatch has caused havoc in a variety of companies and government agencies.  

In this episode, we discuss Snatch's techniques, the significance of how they use stolen information, and how their approach to what's important to customers means for the future of extortion.  

CISA #StopRansomware Snatch advisory:  https://www.cisa.gov/sites/default/files/2023-09/joint-cybersecurity-advisory-stopransomware-snatch-ransomware_0.pdf

Ransomlook.io Snatch profile:  https://www.ransomlook.io/group/snatch

ALPHV (BlackCat) regulatory extortion article:  https://www.darkreading.com/risk/alphv-ransomware-group-files-sec-complaint-against-own-victim

PRODAFT is a Netherlands-based cyber-threat intelligence analysis firm - their website is at https://prodaft.com

Full disclosure:  John Salomon is a paid, part-time advisor to PRODAFT.  

Juan Nicolossi's LinkedIn profile is at https://www.linkedin.com/in/juan-ignacio-nicolossi-baeza-286b035a/

Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network

Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

Original video version at https://youtu.be/g5yiScRofxU

Dmytro Bilash joins us for a conversation about online disinformation - what it is, how it adversely affects democratic societies, who's behind it, and how we can combat this major and growing threat to social cohesion and political and economic stability.

A few contextual link from our discussion:

Dr. Egor Zakharov of the Swiss Federal Polytechnic Institute, Zurich (ETHZ) - AI expert, and participant in the ITBN AI&disinformation fireside chat:  https://ait.ethz.ch/people/egorzakharov

John Oliver/Last Week Tonight segment on Myanmar-related hate speech on Facebook:  https://youtu.be/OjPYmEZxACM

The Assault on Intelligence, by Michael V. Hayden:  https://www.penguinrandomhouse.com/books/566537/the-assault-on-intelligence-by-michael-v-hayden/

Offline, by Crooked Media - episode on TikTokers "discovering" Osama Bin Laden's "Letter to America":  https://youtu.be/kk84mCHWds8

Shaping Europe's Digital Future - Tackling online disinformation:  https://digital-strategy.ec.europa.eu/en/policies/online-disinformation

Finland is winning the war on fake news - CNN, 2019:  https://edition.cnn.com/interactive/2019/05/europe/finland-fake-news-intl/

Dmytro Bilash is a cybersecurity expert and investor, and co-founder and Chief Business Development Officer of Osavul, a Ukrainian AI cyberdefence firm.  Visit them at https://www.osavul.cloud/

You can find Dmytro on LinkedIn at https://www.linkedin.com/in/dmytro-bil

Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network

Original video at https://youtu.be/XQonzP3OVXU

Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

Kojo Osei Amoyaw-Osei is a master's candidate at EM-Lyon Business School.  He joins us today to discuss his thesis project for the MSc programme in Cybersecurity and Defence Management.

Businesses face a growing set of challenges when building their information security maturity - specifically, Kojo has identified three core paradoxes in his research:  

1) Personalisation - delivering personalised experiences while respecting privacy preferences
2) Regulation - balancing regulatory compliance with data-driven strategies and innovation
3) Trust - earning and maintaining trust by adopting transparent data practices, implementing robust data security measures, and demonstrating responsible data use

This episode of the CyAN Secure-in-Mind video and podcast series turns our usual format around, as Kojo interviews John Salomon, the usual host of these sessions, based on his extensive experience in the industry, as part of his thesis research.

EM Lyon MsC in Cybersecurity and Defence Management:  https://em-lyon.com/en/news/who-will-you-learn-msc-cybersecurity-defense-management-program

Kojo on LinkedIn:  https://www.linkedin.com/in/kojooseiamoyawosei/

Check out the rest of CyAN's media channels on https://cybersecurityadvisors.network/media - and visit us at https://cybersecurityadvisors.network

Original video version of this conversation is at https://youtu.be/vG1zvwDpjpo

Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

Thanks Jillian Kwong, Research Scientist at Cybersecurity at MIT Sloan (CAMS), for joining us today as we discuss Jillian's work in cybersecurity third party risk management and more.

Jillian has a PhD in Communication from the Annenberg School for Communication at the University of Southern California, where her dissertation looked at the human and managerial side of data privacy (e.g. GDPR, CCPA) implementation within mostly small and medium sized enterprises (SMEs). She's also a participant in the Cybersecurity Advisors Network (CyAN) mentorship pilot programme. 

Cybersecurity is a metrics-driven field; "soft" factors like management style, or how humans process information, are a major challenges for less mature, smaller enterprises.  This is more and more the case as regulatory and good practices requirements drive firms to understand their supply chain risk.  How can smaller organisations live up to these expectations?  

Even when a tremendous wealth of information and resources are available to help such firms, doing the right thing can be a daunting, difficult process.

Jillian has significant experience in understanding the day-to-day challenges of small business and their management through interviews and case studies as a complementary approach to more objective, quantifiable cybersecurity. 

This has allowed her to document the interconnected, complex nature of cybersecurity activities in SMEs.

Visit Jillian on LinkedIn at https://www.linkedin.com/in/jilliankwong

Cybersecurity at MIT Sloan:  https://cams.mit.edu

The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network - Secure-in-Mind is also available as audio-only podcasts, find our channels via https://cybersecurityadvisors.network/media

Original source video at https://youtu.be/KcSZ1l_Eoik

Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

In today's Secure-in-Mind episode, we talk about cyberwarfare with Hugo Tarrida.

Hugo recently finished his master’s with a focus on cyber and hybrid warfare and the impact it has on security, at King's College London.

Cyber and hybrid warfare are rapidly evolving domains of conflict that encompass a wide array of threats and tactics. These strategies involve cyberattacks aimed at disrupting critical infrastructure, which includes power grids, financial systems, and communication networks, posing significant risks to national security. To counter these threats, effective strategies have to be developed and improved to counter an ever-growing digitalised and interconnected word.  

We delve into the impact of public-private collaboration aimed at fortifying defences, sharing threat intelligence, and developing resilience to mitigate the impacts of cyber warfare. In this ever-changing landscape, understanding these concepts and fostering cooperation is paramount for safeguarding our digital future.'

Visit Hugo on LinkedIn at https://www.linkedin.com/in/hugo-tarrida-ortega-32915a204

King's College London:  https://www.kcl.ac.uk/

The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network - Secure-in-Mind is also available as audio-only podcasts, find our channels at https://cybersecurityadvisors.network/media

Original video version available at https://youtu.be/oRHIzDjdfjM

Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/

Remy Bertot joins us for the latest Secure-in-Mind episode.  Based on his work with Passbolt, makers of a popular open source password manager, Remy shares his observations on current trends and future expecations of passwords, authentication tokens, and similar mechanisms.

We talk about security in open source software, certifications and audits, telemetry and usage statistics, and how such OSS projects can optimize the community's knowledge.

Maybe most importantly, Remy discusses privacy-restricting legislation such as the current UK Online Safety Bill - and how these are bad things for society.  Remy is a contributor to Encryption Europe, an initiative designed to help support privacy, not least in the face of such governmental overreach.

Check out Remy's LinkedIn profile at https://www.linkedin.com/in/remy-bertot-7913a0254/

Passbolt is at https://www.passbolt.com/

Visit Encryption Europe at https://encryptioneurope.eu/

The Cybersecurity Advisors Network lives at https://cybersecurityadvisors.network - Secure-in-Mind is also available as audio-only podcasts, find us at https://cybersecurityadvisors.network/media

Intro/outro music courtesy of Studio Kolomna via Pixabay: https://pixabay.com/users/studiokolomna-2073170/